A hacker can use a video card to automatically guess
billions of passwords in seconds
The pace of technology is amazing. Our generation is talking about
megabytes, gigabytes and terabytes, but the next generation will talk
about petabytes, exabytes and zettabytes. While most people may use
the extra processing power for things like converting files or quicker
encoding of videos, some people will use it to try and crack your password.
If you're one of the millions of people who use the same password on
more than one website, then this article is for you.
Interacting online often involves signing up to a website, which
means creating a username and password. For me the list is long… I've
signed up to GeoCities, Hotmail, my own domain, Myspace, eBay, several
ISPs, Yahoo, Gmail, PayPal, my bank and so on. But over the course of
a few years some of these sites were hacked and passwords were
exposed. I thought I was clever and changed my password by adding a
These days, more and more high profile sites are being hacked and
millions more passwords are being revealed. Many websites have started
enforcing complex passwords that contain things like numbers, letters,
symbols and one uppercase letter with no repeating characters. Before
too long, remembering passwords is going to be impossible.
Good websites will either encrypt your password or turn it into a hash,
which is a one-way representation of the password that can't be
reversed. More secure websites will combine your hashed password with
a random chunk of text (known as a salt). This means every time you
log on to that site, your password is hashed and then compared to the
same one-way hashed version of it. Hashed passwords are usually long,
so it would take a human a very long time to go through all the
possibilities, one by one, for a 10-character password.
The problem is that humans don't do the tedious grunt work of guessing
passwords - computers do. A hacker can use a video card to
automatically guess billions of passwords in seconds. A hacker who's
obtained a hashed password and a salt from a website can then generate
billions of new hashes until they match your hashed password. The more
websites you've signed up for and the more times you've used the same
password, the higher the chances are that a hacker can use your
password for www.lolcats.com to break into other sites.
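The salted hash-and-compare login check described above, as an added example that is not part of the original article. The function names, the choice of PBKDF2, the iteration count, the 26-letter alphabet and the rate of one billion guesses per second are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Assumed parameters for this example (not taken from the article).
PBKDF2_ITERATIONS = 600_000   # deliberately slow: each guess costs this many hash rounds
SALT_BYTES = 16

def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A fresh random salt is created at sign-up."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest

def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    """Log-on check: re-hash the submitted password with the stored salt."""
    _, candidate = hash_password(password, salt)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, stored)

def days_to_exhaust(length: int, alphabet_size: int, guesses_per_second: float) -> float:
    """Worst-case days needed to try every password of exactly this length."""
    return alphabet_size ** length / guesses_per_second / 86_400

if __name__ == "__main__":
    # The same password stored by two sites gets two different salts and
    # two different hashes, so one leaked hash cannot simply be looked up
    # in the other site's database.
    salt_a, hash_a = hash_password("constructed-sample-password")
    salt_b, hash_b = hash_password("constructed-sample-password")
    print("same password, different stored hashes:", hash_a != hash_b)
    print("correct password accepted:",
          verify_password("constructed-sample-password", salt_a, hash_a))

    fast_rate = 1e9                            # assumed rate against a plain fast hash
    slow_rate = fast_rate / PBKDF2_ITERATIONS  # same hardware against the slow hash
    for length in (10, 30):
        print(f"{length} lowercase letters: "
              f"{days_to_exhaust(length, 26, fast_rate):.3g} days (fast hash), "
              f"{days_to_exhaust(length, 26, slow_rate):.3g} days (slow hash)")
```

The salt keeps identical passwords from producing identical hashes, but it does not slow guessing down; the iteration count and the password's length are what raise the cost of each guess.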
Ideally your passwords should be over 30 characters long and should
be different for every site. Changing your passwords every month is a
good idea as hackers rarely use your exposed login details straight
away. Consider using a software password manager to securely generate
and store your passwords. A separate/long password for each site is ideal.
If you want to see how long it would take a hacker to crack your
password, check out https://howsecureismypassword.net
To learn how the Internet works and how you can protect yourself
online, check out the free Security Now podcast.
Aussie blogger Troy Hunt
explains and exposes security issues.